Thank you

We respond to all inquiries as quickly as possible – often the same day. If you need to speak with us right away please contact us by phone.

Loading...

Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers – is the security community’s go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Microsoft Patch Tuesday, October 2018

October's Patch Tuesday is here and with it come patches for 49 CVEs and a "Defense in Depth" Advisory for Microsoft Office. Among the patches 12 are rated "Critical," 34 are rated "Important," two rated "Moderate," and one rated as "Low."

Among the CVEs rated "Critical" are patches for Internet Explorer, Microsoft Edge and the ever-present remote code execution (RCE) vulnerabilities in the Microsoft Scripting Engine. The MSXML Parser also has an RCE vulnerability that could potentially be exploited by simply convincing a target to open a malicious XML file in Internet Explorer. Finally, and the most severe are two RCE vulnerabilities in the Hyper-V platform which is often deployed in shared, low-trust environments.

Multiple software packages get vulnerabilities rated "Important" patched. On the server side, Microsoft SQL Server, Windows DNS, Microsoft Exchange, and Microsoft SharePoint all suffer from multiple vulnerabilities including Elevation of Privilege and Information Disclosure. Client-side software like Internet Explorer, Microsoft Word and Excel, and Windows Media Player are patched as are core Windows components like the NTFS driver, the TCP/IP stack, and the Kernel.

This might not be the scariest Patch Tuesday in October, but you definitely don't want people knocking on your systems looking for these tricks and treats. Time to get patching.